amm777
01-19-2009, 08:29 PM
I am using php to validate form data and insert into a mysql database as well as email the data. Everything works fine except when the form is not validated because required fields are left blank, an error message "Notice: Undefined variable: mailSent" appears at the top of the page. The error indicates the 25th line in the code below.
<?php
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if (array_key_exists('submit', $_POST)) {
//mail processing script
$to = 'amatonis@cmoresearch.com';
$subject = 'website contact form';
//list expected fields
$expected = array('contact_subject', 'question', 'first_name', 'last_name', 'company_name', 'job_title', 'address1', 'address2', 'city', 'state_or_province', 'postal_code', 'phone', 'email');
//set required fields
$required = array('contact_subject', 'question', 'first_name', 'last_name', 'email');
$headers = 'From: Website Contact Form<info@cmoresearch.com>';
$process = 'includes/process_mail.inc.php';
if (file_exists($process) && is_readable($process)) {
include($process);
}
else {
$mailSent = false;
mail($to, 'Server problem', "$process cannot be read", $headers);
}
if ($mailSent) {
require_once('Connections/connAdmin.php');
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO contact (contact_subject, question, first_name, last_name, company_name, job_title, address1, address2, city, state_or_province, postal_code, phone, email) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['contact_subject'], "text"),
GetSQLValueString($_POST['question'], "text"),
GetSQLValueString($_POST['first_name'], "text"),
GetSQLValueString($_POST['last_name'], "text"),
GetSQLValueString($_POST['company_name'], "text"),
GetSQLValueString($_POST['job_title'], "text"),
GetSQLValueString($_POST['address1'], "text"),
GetSQLValueString($_POST['address2'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['state_or_province'], "text"),
GetSQLValueString($_POST['postal_code'], "text"),
GetSQLValueString($_POST['phone'], "text"),
GetSQLValueString($_POST['email'], "text"));
mysql_select_db($database_connAdmin, $connAdmin);
$Result1 = mysql_query($insertSQL, $connAdmin) or die(mysql_error());
}
}
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
<link href="style.css" rel="stylesheet" type="text/css" />
<!--[if IE]>
<link href="ie.css" rel="stylesheet" type="text/css" />
<![endif]-->
</head>
<body>
<div id="container">
<?php include_once('includes/contact_top.inc.php'); ?>
<?php include_once('includes/head_main.inc.php'); ?>
<?php include_once('includes/horizontal_nav.inc.php'); ?>
<div id="sidebar">
<div id="sidebarFeature">
<h1>Other ways to contact us:</h1>
<h2>By mail</h2>
<p>470 Portage Lakes Drive<br />
Suite 102<br />
Akron, OH 44319</p>
<h2>By phone</h2>
<p>330.564.4211 (local)<br />
888.878.5875 (toll free)</p>
<h2>By email</h2>
<p>info@cmoresearch.com.</p>
</div>
</div>
<div id="content">
<h1>Contact Us</h1>
<?php
if ($_POST && isset($missing) && !empty($missing)) {
?>
<p class="warning">Please complete the missing item(s) indicated.</p>
<?php
}
elseif ($_POST && !$mailSent) {
?>
<p class="warning">Sorry, there was a problem sending your message. Please try again later.</p>
<?php
}
elseif ($_POST && $mailSent) {
?>
<p class="boldTeal">Your message has been sent. Thank you.</p>
<?php } ?>
<p>Complete the form below to request more information from CMOR. (Note: We will never share your personal information with any third party.)</p>
<p>* indicates a required field</p>
<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
<p>
<label for="contact_subject">Subject* <?php
if (isset($missing) && in_array('contact_subject', $missing)) { ?>
<span class="warning">Please enter a subject</span><?php } ?>
</label>
<input type="text" name="contact_subject" id="contact_subject"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['contact_subject']).'"';
} ?>
/>
</p>
<p>
<label for="question">Question* <?php
if (isset($missing) && in_array('question', $missing)) { ?>
<span class="warning">Please enter a question</span><?php } ?>
</label>
<textarea name="question" id="question" cols="45" rows="5">
<?php if (isset($missing)) {
echo htmlentities($_POST['question']);
} ?>
</textarea>
<label for="first_name">First name* <?php
if (isset($missing) && in_array('first_name', $missing)) { ?>
<span class="warning">Please enter your first name</span><?php } ?>
</label>
<input type="text" name="first_name" id="first_name"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['first_name']).'"';
} ?>
/>
</p>
<p>
<label for="last_name">Last name* <?php
if (isset($missing) && in_array('last_name', $missing)) { ?>
<span class="warning">Please enter your last name</span><?php } ?>
</label>
<input type="text" name="last_name" id="last_name"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['last_name']).'"';
} ?>
/>
</p>
<p>
<label for="company_name">Company name</label>
<input type="text" name="company_name" id="company_name"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['company_name']).'"';
} ?>
/>
</p>
<p>
<label for="job_title">Job title</label>
<input type="text" name="job_title" id="job_title"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['job_title']).'"';
} ?>
/>
</p>
<p>
<label for="address1">Business address</label>
<input type="text" name="address1" id="address1"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['address1']).'"';
} ?>
/>
</p>
<p>
<input type="text" name="address2" id="address2"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['address2']).'"';
} ?>
/>
</p>
<p>
<label for="city">City</label>
<input type="text" name="city" id="city"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['city']).'"';
} ?>
/>
</p>
<p>
<label for="state_or_province">State / Province</label>
<input type="text" name="state_or_province" id="state_or_province"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['state_or_province']).'"';
} ?>
/>
</p>
<p>
<label for="postal_code">Postal code (xxxxx)</label>
<input type="text" name="postal_code" id="postal_code"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['postal_code']).'"';
} ?>
/>
</p>
<p>
<label for="phone">Phone number (xxx-xxx-xxxx)</label>
<input type="text" name="phone" id="phone"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['phone']).'"';
} ?>
/>
</p>
<p>
<label for="email">Email address* <?php
if (isset($missing) && in_array('email', $missing)) { ?>
<span class="warning">Please enter a valid email address</span><?php } ?>
</label>
<input type="text" name="email" id="email"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['email']).'"';
} ?>
/>
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<input type="hidden" name="MM_insert" value="form1" />
</form>
</div>
<br class="clearfloat" />
<?php include_once('includes/footer.inc.php'); ?>
</div>
</body>
</html>
Here is the code for the included script that processes the email:
<?php
if (isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], '.inc.php')) exit;
// remove escape characters from POST array
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
}
// create empty array for any missing fields
$missing = array();
// assume that there is nothing suspect
$suspect = false;
// create a pattern to locate suspect phrases
$pattern = '/Content-Type:|Bcc:|Cc:/i';
// function to check for suspect phrases
function isSuspect($val, $pattern, &$suspect) {
// if the variable is an array, loop through each element
// and pass it recursively back to the same function
if (is_array($val)) {
foreach ($val as $item) {
isSuspect($item, $pattern, $suspect);
}
}
else {
// if one of the suspect phrases is found, set Boolean to true
if (preg_match($pattern, $val)) {
$suspect = true;
}
}
}
// check the $_POST array and any subarrays for suspect content
isSuspect($_POST, $pattern, $suspect);
if ($suspect) {
$mailSent = false;
unset($missing);
}
else {
// process the $_POST variables
foreach ($_POST as $key => $value) {
// assign to temporary variable and strip whitespace if not an array
$temp = is_array($value) ? $value : trim($value);
// if empty and required, add to $missing array
if (empty($temp) && in_array($key, $required)) {
array_push($missing, $key);
}
// otherwise, assign to a variable of the same name as $key
elseif (in_array($key, $expected)) {
${$key} = $temp;
}
}
}
// validate the email address
if (!empty($email)) {
// regex to identify illegal characters in email address
$checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
// reject the email address if it doesn't match
if (!preg_match($checkEmail, $email)) {
$suspect = true;
$mailSent = false;
unset($missing);
}
}
// go ahead only if not suspect and all required fields OK
if (!$suspect && empty($missing)) {
// initialize the $message variable
$message = '';
// loop through the $expected array
foreach($expected as $item) {
// assign the value of the current item to $val
if (isset(${$item})) {
$val = ${$item};
}
// if it has no value, assign 'Not selected'
else {
$val = 'Not selected';
}
// if an array, expand as comma-separated string
if (is_array($val)) {
$val = implode(', ', $val);
}
// add label and value to the message body
$message .= ucfirst($item).": $val\n\n";
}
// limit line length to 70 characters
$message = wordwrap($message, 70);
// create Reply-To header
if (!empty($email)) {
$headers .= "\r\nReply-To: $email";
}
// send it
$mailSent = mail($to, $subject, $message, $headers);
if ($mailSent) {
// $missing is no longer needed if the mail is sent, so unset it
unset($missing);
}
}
?>
Can someone please help?
<?php
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if (array_key_exists('submit', $_POST)) {
//mail processing script
$to = 'amatonis@cmoresearch.com';
$subject = 'website contact form';
//list expected fields
$expected = array('contact_subject', 'question', 'first_name', 'last_name', 'company_name', 'job_title', 'address1', 'address2', 'city', 'state_or_province', 'postal_code', 'phone', 'email');
//set required fields
$required = array('contact_subject', 'question', 'first_name', 'last_name', 'email');
$headers = 'From: Website Contact Form<info@cmoresearch.com>';
$process = 'includes/process_mail.inc.php';
if (file_exists($process) && is_readable($process)) {
include($process);
}
else {
$mailSent = false;
mail($to, 'Server problem', "$process cannot be read", $headers);
}
if ($mailSent) {
require_once('Connections/connAdmin.php');
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO contact (contact_subject, question, first_name, last_name, company_name, job_title, address1, address2, city, state_or_province, postal_code, phone, email) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['contact_subject'], "text"),
GetSQLValueString($_POST['question'], "text"),
GetSQLValueString($_POST['first_name'], "text"),
GetSQLValueString($_POST['last_name'], "text"),
GetSQLValueString($_POST['company_name'], "text"),
GetSQLValueString($_POST['job_title'], "text"),
GetSQLValueString($_POST['address1'], "text"),
GetSQLValueString($_POST['address2'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['state_or_province'], "text"),
GetSQLValueString($_POST['postal_code'], "text"),
GetSQLValueString($_POST['phone'], "text"),
GetSQLValueString($_POST['email'], "text"));
mysql_select_db($database_connAdmin, $connAdmin);
$Result1 = mysql_query($insertSQL, $connAdmin) or die(mysql_error());
}
}
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
<link href="style.css" rel="stylesheet" type="text/css" />
<!--[if IE]>
<link href="ie.css" rel="stylesheet" type="text/css" />
<![endif]-->
</head>
<body>
<div id="container">
<?php include_once('includes/contact_top.inc.php'); ?>
<?php include_once('includes/head_main.inc.php'); ?>
<?php include_once('includes/horizontal_nav.inc.php'); ?>
<div id="sidebar">
<div id="sidebarFeature">
<h1>Other ways to contact us:</h1>
<h2>By mail</h2>
<p>470 Portage Lakes Drive<br />
Suite 102<br />
Akron, OH 44319</p>
<h2>By phone</h2>
<p>330.564.4211 (local)<br />
888.878.5875 (toll free)</p>
<h2>By email</h2>
<p>info@cmoresearch.com.</p>
</div>
</div>
<div id="content">
<h1>Contact Us</h1>
<?php
if ($_POST && isset($missing) && !empty($missing)) {
?>
<p class="warning">Please complete the missing item(s) indicated.</p>
<?php
}
elseif ($_POST && !$mailSent) {
?>
<p class="warning">Sorry, there was a problem sending your message. Please try again later.</p>
<?php
}
elseif ($_POST && $mailSent) {
?>
<p class="boldTeal">Your message has been sent. Thank you.</p>
<?php } ?>
<p>Complete the form below to request more information from CMOR. (Note: We will never share your personal information with any third party.)</p>
<p>* indicates a required field</p>
<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
<p>
<label for="contact_subject">Subject* <?php
if (isset($missing) && in_array('contact_subject', $missing)) { ?>
<span class="warning">Please enter a subject</span><?php } ?>
</label>
<input type="text" name="contact_subject" id="contact_subject"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['contact_subject']).'"';
} ?>
/>
</p>
<p>
<label for="question">Question* <?php
if (isset($missing) && in_array('question', $missing)) { ?>
<span class="warning">Please enter a question</span><?php } ?>
</label>
<textarea name="question" id="question" cols="45" rows="5">
<?php if (isset($missing)) {
echo htmlentities($_POST['question']);
} ?>
</textarea>
<label for="first_name">First name* <?php
if (isset($missing) && in_array('first_name', $missing)) { ?>
<span class="warning">Please enter your first name</span><?php } ?>
</label>
<input type="text" name="first_name" id="first_name"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['first_name']).'"';
} ?>
/>
</p>
<p>
<label for="last_name">Last name* <?php
if (isset($missing) && in_array('last_name', $missing)) { ?>
<span class="warning">Please enter your last name</span><?php } ?>
</label>
<input type="text" name="last_name" id="last_name"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['last_name']).'"';
} ?>
/>
</p>
<p>
<label for="company_name">Company name</label>
<input type="text" name="company_name" id="company_name"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['company_name']).'"';
} ?>
/>
</p>
<p>
<label for="job_title">Job title</label>
<input type="text" name="job_title" id="job_title"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['job_title']).'"';
} ?>
/>
</p>
<p>
<label for="address1">Business address</label>
<input type="text" name="address1" id="address1"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['address1']).'"';
} ?>
/>
</p>
<p>
<input type="text" name="address2" id="address2"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['address2']).'"';
} ?>
/>
</p>
<p>
<label for="city">City</label>
<input type="text" name="city" id="city"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['city']).'"';
} ?>
/>
</p>
<p>
<label for="state_or_province">State / Province</label>
<input type="text" name="state_or_province" id="state_or_province"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['state_or_province']).'"';
} ?>
/>
</p>
<p>
<label for="postal_code">Postal code (xxxxx)</label>
<input type="text" name="postal_code" id="postal_code"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['postal_code']).'"';
} ?>
/>
</p>
<p>
<label for="phone">Phone number (xxx-xxx-xxxx)</label>
<input type="text" name="phone" id="phone"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['phone']).'"';
} ?>
/>
</p>
<p>
<label for="email">Email address* <?php
if (isset($missing) && in_array('email', $missing)) { ?>
<span class="warning">Please enter a valid email address</span><?php } ?>
</label>
<input type="text" name="email" id="email"
<?php if (isset($missing)) {
echo 'value="'.htmlentities($_POST['email']).'"';
} ?>
/>
</p>
<p>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
<input type="hidden" name="MM_insert" value="form1" />
</form>
</div>
<br class="clearfloat" />
<?php include_once('includes/footer.inc.php'); ?>
</div>
</body>
</html>
Here is the code for the included script that processes the email:
<?php
if (isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], '.inc.php')) exit;
// remove escape characters from POST array
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
}
// create empty array for any missing fields
$missing = array();
// assume that there is nothing suspect
$suspect = false;
// create a pattern to locate suspect phrases
$pattern = '/Content-Type:|Bcc:|Cc:/i';
// function to check for suspect phrases
function isSuspect($val, $pattern, &$suspect) {
// if the variable is an array, loop through each element
// and pass it recursively back to the same function
if (is_array($val)) {
foreach ($val as $item) {
isSuspect($item, $pattern, $suspect);
}
}
else {
// if one of the suspect phrases is found, set Boolean to true
if (preg_match($pattern, $val)) {
$suspect = true;
}
}
}
// check the $_POST array and any subarrays for suspect content
isSuspect($_POST, $pattern, $suspect);
if ($suspect) {
$mailSent = false;
unset($missing);
}
else {
// process the $_POST variables
foreach ($_POST as $key => $value) {
// assign to temporary variable and strip whitespace if not an array
$temp = is_array($value) ? $value : trim($value);
// if empty and required, add to $missing array
if (empty($temp) && in_array($key, $required)) {
array_push($missing, $key);
}
// otherwise, assign to a variable of the same name as $key
elseif (in_array($key, $expected)) {
${$key} = $temp;
}
}
}
// validate the email address
if (!empty($email)) {
// regex to identify illegal characters in email address
$checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
// reject the email address if it doesn't match
if (!preg_match($checkEmail, $email)) {
$suspect = true;
$mailSent = false;
unset($missing);
}
}
// go ahead only if not suspect and all required fields OK
if (!$suspect && empty($missing)) {
// initialize the $message variable
$message = '';
// loop through the $expected array
foreach($expected as $item) {
// assign the value of the current item to $val
if (isset(${$item})) {
$val = ${$item};
}
// if it has no value, assign 'Not selected'
else {
$val = 'Not selected';
}
// if an array, expand as comma-separated string
if (is_array($val)) {
$val = implode(', ', $val);
}
// add label and value to the message body
$message .= ucfirst($item).": $val\n\n";
}
// limit line length to 70 characters
$message = wordwrap($message, 70);
// create Reply-To header
if (!empty($email)) {
$headers .= "\r\nReply-To: $email";
}
// send it
$mailSent = mail($to, $subject, $message, $headers);
if ($mailSent) {
// $missing is no longer needed if the mail is sent, so unset it
unset($missing);
}
}
?>
Can someone please help?